Deepak, <br><br>Not to be a pest but I believe you might get quicker responses and possibly better answeres if you address your question to the list instead of me personally. That being said...<br><br>I seem to remember an issue with using preshared keys with road warrior connections, I'm sure someone else on the list could elaborate n that... But if your road warrior is on Linux or another OS supported by Openswan, easiest setup is to use an RSA Sig key which can be generated with the software provided by Openswan. If your road warrior is a Windows box, you will probably need to use X509 certificates. There is plenty of documentation out there for for this type of setup. I can't remember the details of the top of my head and I don't want to tell you wrong.
<br><br>Nate Carlson always has good documentation Here is a link...<br><br><a href="http://www.natecarlson.com/linux/ipsec-l2tp.php">http://www.natecarlson.com/linux/ipsec-l2tp.php</a><br><br>Best of luck and best regards,
<br><br>Patrick Ford<br><br><br><br><div><span class="gmail_quote">On 24/01/07, <b class="gmail_sendername">Deepak Chopra</b> <<a href="mailto:deepak.chopra@mind-infotech.com">deepak.chopra@mind-infotech.com</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="blue" lang="EN-US">
<div>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Dear Patrick,</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Thanks for your help, now I'm able to
connect to both sides and tunnel is working fine. But this time I'm again
want a help to connect to my office computers from out side ( for road warrior
setup ). I've installed xl2tpd-1.1.06 and configured but when I'm
trying to connect from windows 2000 client ( that I've configured as per
KB240262 ). But when I'm trying to connect to VPN gateway Machine I'm
getting errors , attached in error log file and my configuration are below :</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"># /etc/ipsec.conf -
FreeS/WAN IPsec configuration file</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">version 2.0 #
conforms to second version of ipsec.conf specification</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"># basic configuration</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">config setup</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> plutodebug=dns</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> interfaces=%defaultroute</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> uniqueids=yes</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> nat_traversal=yes</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> virtual_private=%v4:<a href="http://192.168.0.0/16,%25v4:%21192.168.1.0/24,%25v4:10.0.0.0/8" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.0.0/16,%v4:!192.168.1.0/24,%v4:10.0.0.0/8</a></span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">conn %default</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> authby=secret</span></font></p><span class="q">
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> keyexchange=ike</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> esp=aes,3des</span></font></p></span>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> keyingtries=%forever</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> auth=esp</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">conn road</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> left=%defaultroute</span></font></p><span class="q">
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> leftsubnet=<a href="http://172.29.18.0/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">172.29.18.0/24</a></span>
</font></p></span>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> leftid=@<a href="http://xyz.selfip.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">xyz.selfip.net</a></span></font>
</p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> leftprotoport=17/1701</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> rightprotoport=17/1701</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> right=%any</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> rightsubnet=vhost:%priv,%no</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> authby=secret</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> auto=add</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> pfs=no</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">thanks in advance,</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">with regards</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Deepak chopra</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<div>
<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">
<hr align="center" size="2" width="100%">
</span></font></div>
<p><b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;"> Patrick Ford
[mailto:<a href="mailto:fenderdood@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">fenderdood@gmail.com</a>] <br>
<b><span style="font-weight: bold;">Sent:</span></b> Wednesday, January 17, 2007
7:39 PM<div><span class="e" id="q_11054572a998f4d0_5"><br>
<b><span style="font-weight: bold;">To:</span></b>
<a href="mailto:deepak.chopra@mind-infotech.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">deepak.chopra@mind-infotech.com</a><br>
<b><span style="font-weight: bold;">Subject:</span></b> Re: [Openswan Users] Help
for making VPN Tunnel using DynDNS on DSL Routers</span></div></span></font></p>
</div><div><span class="e" id="q_11054572a998f4d0_7">
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"> </span></font></p>
<p style="margin-bottom: 12pt;"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">Deepak,<br>
<br>
That's the reason you use the:<br>
left=%defaultroute<br>
right=[remote side's Fully Qualified Domain name.]<br>
<br>
This means that every time pluto tries to re-key the connection, it will have
to look up the ip address for the remote side's FQDN. <br>
<br>
As far as Keeping your IP Address registered with <a href="http://dnsalias.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">dnsalias.com</a>
you will have to download, install and configure their DDNS Client Software for
Linux. see: <a href="http://www.dyndns.com/support/clients/unix.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.dyndns.com/support/clients/unix.html</a>
.<br>
<br>
<br>
</span></font></p>
<div>
<p><span><font face="Times New Roman" size="3"><span style="font-size: 12pt;">On 17/01/07, <b><span style="font-weight: bold;">Deepak
Chopra</span></b> <<a href="mailto:deepak.chopra@mind-infotech.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">deepak.chopra@mind-infotech.com
</a>> wrote:</span></font></span></p>
<div link="blue" vlink="blue">
<div>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Dear Patrick..</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Thanks you very much now I'm able to ping both side
machines…..</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">But one more thing .. can you please tell me how to keep up the
tunnel as it is based on dynamic IPs. </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">If dynamic IP has changed at one of the router then what settings
I've to give on Linux Box.</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">With regards</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Deepak Chopra</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<div>
<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">
<hr align="center" size="2" width="100%">
</span></font></div>
<p><b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;"> Patrick Ford [mailto:
<a href="mailto:fenderdood@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">fenderdood@gmail.com</a>] <br>
<b><span style="font-weight: bold;">Sent:</span></b> Wednesday, January 17, 2007
6:26 PM<br>
<b><span style="font-weight: bold;">To:</span></b> <a href="mailto:deepak.chopra@mind-infotech.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">deepak.chopra@mind-infotech.com</a><br>
<span><b><span style="font-weight: bold;">Subject:</span></b> Re: [<span name="st"></span><span>Openswan</span></span><span> <span name="st"></span><span>Users</span></span><span>] Help for
making VPN Tunnel using DynDNS on DSL Routers</span></span></font></p>
</div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"> </span></font></p>
<div><span>
<p style="margin-bottom: 12pt;"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">You are correct, Deepak. You need to add
the left and right subnet parameters for your connection. Keeping the same
convention as before. <br>
<br>
leftsubnet=[your local subnet]<br>
rightsubnet=[remote subnet]<br>
<br>
<br>
All within the conn section for your config. And this needs to be added to the
config files for both gateways. </span></font></p>
<div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">On
17/01/07, <b><span style="font-weight: bold;">Deepak Chopra</span></b> < <a href="mailto:deepak.chopra@mind-infotech.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">deepak.chopra@mind-infotech.com
</a>> wrote:</span></font></p>
<div link="blue" vlink="blue">
<div>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Thanks for the configuration.. and I'm able to make a tunnel.</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">But I've a doubt why leftsubnet and rightsubnet 's are missing in
this ipsec.conf file. Is it not required ? And also I'm not able to ping my
office PC from one of my home network PC.</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">What changes are to be done so that I can ping my office network pc
from my home network pc other than the gateway machine ?</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">With regards</span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;">Deepak </span></font></p>
<p><font color="blue" face="Times New Roman" size="3"><span style="font-size: 12pt; color: blue;"> </span></font></p>
<div>
<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">
<hr align="center" size="2" width="100%">
</span></font></div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"> </span></font></p>
</div>
</div>
</div>
</div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
<br>
"Education is what remains after one has forgotten what one has learned in
school."<br>
Albert Einstein </span></font></p>
</span></div>
</div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
<span>The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately and
destroy all copies of this message and any attachments. WARNING: Computer
viruses can be transmitted via email. The recipient should check this email and
any attachments for the presence of viruses. The company accepts no liability
for any damage caused by any virus/trojan/worms/malicious code transmitted by
this email. <a href="http://www.mind-infotech.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.mind-infotech.com</a>
</span></span></font></p>
</div>
</div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
<br clear="all">
<br>
-- <br>
<br>
"Education is what remains after one has forgotten what one has learned in
school."<br>
Albert Einstein </span></font></p>
</span></div></div><div><span class="e" id="q_11054572a998f4d0_9">
<br>
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus/trojan/worms/malicious code transmitted by this email.
<a href="http://www.mind-infotech.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.mind-infotech.com</a>
<br></span></div></div>
<br clear="all"></blockquote></div><br><br clear="all"><br>-- <br><br>"Education is what remains after one has forgotten what one has learned in school."<br> Albert Einstein